Thursday, January 23, 2014
Tuesday, October 15, 2013
Simple encryption/description
I started using openssl and my public/private keypair to do some basic
password encryption deciption for use with expect to test production
servers. I found myself first using expect and hard coding my password and then
when I shared the script with someone I start freaking out wondering if
I shared my password by accident. This solves things.
Encrypt your password using your public key and put it as a binary file
somewhere safe like ~/.ssh/.encpass - you have access to decrypt it and
you probably have your public/private key pairs there, but you are not
likely to send that off when you share your cool bash/expect script.
In your bash script, you can simply run the decrypt function:
pass=$(openssl rsautl -decrypt -inkey ~/.ssh/id_rsa.pem -in ~/.ssh/.encpass)
Now pass has whatever you encrypted and you can use it in your script.
Here's what you do to pull this off. First, create a pem file of your
public private key pair and then encrypt your password. Steps:
> cd ~/.ssh
> openssl rsa -in id_rsa -outform pem > id_rsa.pem
> openssl rsa -in id_rsa -pubout -outform pem > id_rsa.pub.pem
> echo "my safe password" > .secret
> openssl rsautl -encrypt -inkey id_rsa.pub.pem -pubin -in .secret -out .encpass
> rm -f .secret
That's it. No need to keep the raw password around, just the encrypted
value. There's other variants you could do, you could create the .encpass
when you need and delete it after, whatever your comfortable with.
password encryption deciption for use with expect to test production
servers. I found myself first using expect and hard coding my password and then
when I shared the script with someone I start freaking out wondering if
I shared my password by accident. This solves things.
Encrypt your password using your public key and put it as a binary file
somewhere safe like ~/.ssh/.encpass - you have access to decrypt it and
you probably have your public/private key pairs there, but you are not
likely to send that off when you share your cool bash/expect script.
In your bash script, you can simply run the decrypt function:
pass=$(openssl rsautl -decrypt -inkey ~/.ssh/id_rsa.pem -in ~/.ssh/.encpass)
Now pass has whatever you encrypted and you can use it in your script.
Here's what you do to pull this off. First, create a pem file of your
public private key pair and then encrypt your password. Steps:
> cd ~/.ssh
> openssl rsa -in id_rsa -outform pem > id_rsa.pem
> openssl rsa -in id_rsa -pubout -outform pem > id_rsa.pub.pem
> echo "my safe password" > .secret
> openssl rsautl -encrypt -inkey id_rsa.pub.pem -pubin -in .secret -out .encpass
> rm -f .secret
That's it. No need to keep the raw password around, just the encrypted
value. There's other variants you could do, you could create the .encpass
when you need and delete it after, whatever your comfortable with.
Tuesday, May 28, 2013
Unmarshaling JSON using Go
I had a Doh! moment today writing some code to Unmarshal JSON string into a Go object. I swore up and down I had the code right, but my Object just didn't get populated. I was searching around and was about to break down and post to ask for help when it finally clicked.
I used lower case names for the fields in my structure, effectively rendering them private! So, once I went through and made the fields all start with a Capital, making them public, I was able to populate the structure.
For example:
type Some struct {
name string `json:"Name of item"`
age int `json:"age"`
}
Is a valid structure, but you won't populate using
some := Some{}
data, err = json.UnMarshal(jsonBytes, &some)
If you check some.name - it will be empty because it's lower case. The correct struct is:
type Some struct {
Name string `json:"Name of item"`
Age int `json:"age"`
}
I used lower case names for the fields in my structure, effectively rendering them private! So, once I went through and made the fields all start with a Capital, making them public, I was able to populate the structure.
For example:
type Some struct {
name string `json:"Name of item"`
age int `json:"age"`
}
Is a valid structure, but you won't populate using
some := Some{}
data, err = json.UnMarshal(jsonBytes, &some)
If you check some.name - it will be empty because it's lower case. The correct struct is:
type Some struct {
Name string `json:"Name of item"`
Age int `json:"age"`
}
Tuesday, February 19, 2013
Encrypting/decrypting files with openssl
If you want to encrypt and decrypt files using openssl command line tools, here is what you need to do.
First, you need to use your private key to generate a public key.
That is not to be confused with SSH public. Once you have that you can encrypt a file using your public key:
I find this useful when sharing scripts that require password and you don't want to store your password un-encrypted and you also don't want to have to remember to remove the password (if you did type in your password) before sharing it. I sometimes find it useful to create expect scripts to check multiple servers that do not support public/private key pair encryption and I don't want to put my clear text password in the script.
First, you need to use your private key to generate a public key.
openssl rsa -in ~/.ssh/id_rsa -pubout ~/.ssh/id_rsa.public
That is not to be confused with SSH public. Once you have that you can encrypt a file using your public key:
> echo "example">~/.ssh/passwd > openssl rsautl -encrypt -inkey ~/.ssh/id_rsa.public -pubin -in ~/.ssh/passwd -out ~/.ssh/.passwdenc > openssl rsautl -decrypt -inkey ~/.ssh/id_rsa -in ~/.ssh/.passwdenc example
I find this useful when sharing scripts that require password and you don't want to store your password un-encrypted and you also don't want to have to remember to remove the password (if you did type in your password) before sharing it. I sometimes find it useful to create expect scripts to check multiple servers that do not support public/private key pair encryption and I don't want to put my clear text password in the script.
Wednesday, May 4, 2011
Using ASP classic on Amazon EC2
Finding the right image is key, because i couldn't find the install disks to install IIS after the instance was started. I ended up finding IIS on an image that was Server2003 with SQLExpress as of this writing the AMI is ami-f31ff09a. Here are the basic steps:
1. Create the instance ami-f31ff09a
2. Wait 10-15 minutes for it to fire up
3. Get the password and write it down
4. Set up IIS to work right - need to enable ASP. This is done in the IIS console
5. Adjust explorer to allow access to sites and the ability to download so you can get your files
6. Get your ASP files and test away
1. Create the instance ami-f31ff09a
2. Wait 10-15 minutes for it to fire up
3. Get the password and write it down
4. Set up IIS to work right - need to enable ASP. This is done in the IIS console
5. Adjust explorer to allow access to sites and the ability to download so you can get your files
6. Get your ASP files and test away
Thursday, April 7, 2011
How to get the character code in emacs
Its not that easy to discover when googling around.
Mx describe-char
Shows you more information than you ever imagined.
Mx describe-char
Shows you more information than you ever imagined.
Saturday, November 27, 2010
Dealing with mail
This man not be 100% accurate, but its a starting point for folks trying to deal with mail issues.
Yahoo RBL
http://help.yahoo.com/l/us/yahoo/mail/postmaster/isp.html
http://help.yahoo.com/l/us/yahoo/mail/postmaster/bulk.html
Call Yahoo! Small Business Technical Support: (800) 318-0783
MSN RBL
https://support.msn.com/eform.aspx?productKey=edfsmsbl&ct=eformts&scrx=1
Comcast RBL
http://www.comcastsupport.com/Forms/NET/blockedprovider.asp
Verizon RBL
http://www2.verizon.net/micro/whitelist/
Charter.net
http://www.charter.com/postmaster
AOL RBL
http://postmaster.aol.com/tools/whitelist_guides.html
Postmaster hotline at 888-212-5537
http://postmaster.aol.com/trouble/
AT&T RBL
Contact rbl@abuse-att.net
Non-Members: 800-967-5363
Members: 800-400-1447
Sender Score
https://www.senderscore.org/lookup.php?lookup=206.54.148.24 Sender Score Check]
Other DNS/Blacklist tools
http://cbl.abuseat.org/lookup.cgi?ip=75.173.59.133
http://www.rulesemporium.com/cgi-bin/uribl.cgi
http://remote.12dt.com/
http://postmaster.aol.com/tools/rdns.html
http://www.spamcannibal.org/cannibal.cgi?page=lookup&lookup=69.6.11.39
http://unblock.secureserver.net/
http://www.ahbl.org/lookup
http://www.iptools.com
Yahoo RBL
http://help.yahoo.com/l/us/yahoo/mail/postmaster/isp.html
http://help.yahoo.com/l/us/yahoo/mail/postmaster/bulk.html
Call Yahoo! Small Business Technical Support: (800) 318-0783
MSN RBL
https://support.msn.com/eform.aspx?productKey=edfsmsbl&ct=eformts&scrx=1
Comcast RBL
http://www.comcastsupport.com/Forms/NET/blockedprovider.asp
Verizon RBL
http://www2.verizon.net/micro/whitelist/
Charter.net
http://www.charter.com/postmaster
AOL RBL
http://postmaster.aol.com/tools/whitelist_guides.html
Postmaster hotline at 888-212-5537
http://postmaster.aol.com/trouble/
AT&T RBL
Contact rbl@abuse-att.net
Non-Members: 800-967-5363
Members: 800-400-1447
Sender Score
https://www.senderscore.org/lookup.php?lookup=206.54.148.24 Sender Score Check]
Other DNS/Blacklist tools
http://cbl.abuseat.org/lookup.cgi?ip=75.173.59.133
http://www.rulesemporium.com/cgi-bin/uribl.cgi
http://remote.12dt.com/
http://postmaster.aol.com/tools/rdns.html
http://www.spamcannibal.org/cannibal.cgi?page=lookup&lookup=69.6.11.39
http://unblock.secureserver.net/
http://www.ahbl.org/lookup
http://www.iptools.com
Subscribe to:
Posts (Atom)